Linux insecurity. Opinions

What do you think about it? Linux | Madaidan's Insecurities

The author specifies that the topic is security, not privacy. According to him, Windows and macOS (even Android on mobile) are by default safer than Linux on the desktop, which apparently is very lacking in security. It would seem that no Linux distro, apart from MAYBE Qubes, is up to par with the aforementioned systems.

It seems to me an impartial and objective post; many sources are cited, including those of security experts.

Yes, Linux has security problems by design. The X11 server allows any process to capture keyboard events of other processes, which leads to keylogging (check Xspy).
The package installer of Debian, dpkg (I haven’t tested any other installers so I can’t say), can silently infect the system with malicious scripts/binaries at root permission. Here is my walkthrough: Infect target with .deb package. In this case, macOS has a feature that verifies packages and warns users about untrusted packages, so at least it has “something”, and Debian has nothing.
This tool allows attackers to dump passwords from RAM: GitHub - huntergregal/mimipenguin: A tool to dump the login password from the current linux user. According to the README: “A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. This was assigned CVE-2018-20781 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20781). Fun fact: it's still not fixed after GNOME Keyring 3.27.2 and still works as of 3.28.0.2-1ubuntu1.18.04.1.”
On Linux, you have unknown interpreters, and a known interpreter could allow a process to create a reverse shell and PTY shell. For example the expect command (https://stackoverflow.com/a/45130404), the tsh shell, … and you barely know about it or you don’t even know it is in your system.
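The dpkg point above (maintainer scripts run as root, and nothing shows them to you before install) is the part a defender can actually check. The following is an added example, not code from the thread, Parrot or Debian: a minimal parser that lists the preinst/postinst/prerm/postrm scripts inside a .deb, run against a small .deb constructed in memory so it needs no real package and executes nothing. On a real file, `dpkg-deb -e pkg.deb outdir` extracts the same control archive for reading.

```python
"""Added example (not from the thread): list the maintainer scripts a .deb
carries, since dpkg runs preinst/postinst/prerm/postrm as root on install.
A small .deb is constructed in memory; nothing is executed or installed."""
import io
import tarfile

MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}


def _ar_member(name: str, data: bytes) -> bytes:
    """One member of a classic 'ar' archive (the .deb container): 60-byte header + data."""
    header = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
    return header + data + (b"\n" if len(data) % 2 else b"")  # members are 2-byte aligned

def _tar_gz(files: dict) -> bytes:
    """Pack {name: bytes} into a gzip'd tar, the form used inside a .deb."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=f"./{name}")
            info.size, info.mode = len(data), 0o755
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_constructed_deb() -> bytes:
    """Constructed sample whose postinst would run a shell command as root."""
    control = b"Package: demo\nVersion: 1.0\nArchitecture: all\nMaintainer: demo\nDescription: demo\n"
    postinst = b"#!/bin/sh\nset -e\necho 'ran as root during install' > /tmp/demo-marker\n"
    return (b"!<arch>\n" + _ar_member("debian-binary", b"2.0\n")
            + _ar_member("control.tar.gz", _tar_gz({"control": control, "postinst": postinst}))
            + _ar_member("data.tar.gz", _tar_gz({})))

def maintainer_scripts(deb: bytes) -> dict:
    """Walk the ar members, open control.tar.*, return {script_name: contents}."""
    if not deb.startswith(b"!<arch>\n"):
        raise ValueError("not an ar archive, so not a .deb")
    pos, found = 8, {}
    while pos + 60 <= len(deb):
        name = deb[pos:pos + 16].decode().strip().rstrip("/")
        size = int(deb[pos + 48:pos + 58].decode())
        body = deb[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # skip padding byte for odd-sized members
        if name.startswith("control.tar"):
            with tarfile.open(fileobj=io.BytesIO(body), mode="r:*") as tar:
                for m in tar.getmembers():
                    base = m.name.lstrip("./")
                    if m.isfile() and base in MAINTAINER_SCRIPTS:
                        found[base] = tar.extractfile(m).read().decode()
    return found
```

Reading the returned scripts before `dpkg -i` is the manual equivalent of the package warning the post says macOS gives and Debian does not.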

How does Parrot OS deal with all these problems? Apparently experts also criticize the release model of distros such as Debian.

Parrot OS is not THAT powerful, and the Parrot Team has only 4 devs for now. We can add solutions, we can research, we can fix some things, but we can’t change the whole Linux world.

Hello, do you think your Parrot system is less secure than the official Debian OS?

Yes and no.
For example, sudo could be a sinkhole (idk if I am using this word correctly). It is always harder to get privs with non-root users + daemon users + root users than with daemon users + sudo users + root users.
Parrot OS has some preinstalled tools to protect privacy and encrypt data. EncryptPad isn’t in the Debian repo, nor is AnonSurf, and some tools are not preinstalled. But it also means there are more places where 0days could be exploited.
Debian doesn’t have as many preinstalled packages compared with Parrot. So, again, it has less attack surface.
Parrot could add some more hardening rules, sandbox solutions (again, but more stable), or even a preinstalled AV, but security is an illusion. Nothing is perfect. (Yeah, I still have an idea of creating a new open source AV.)
Now the super insecure point of Parrot, which wasn’t the Parrot team’s fault:

  1. This is a command injection in searchsploit, the exploitdb search command. In the real world, the attack impact is not so high, but it is an example that all tools can have vulnerabilities and you don’t know which ones in your system have them: Command injection in exact search (version 4.1.3) · Issue #189 · offensive-security/exploitdb · GitHub
  2. The package Xspy, an X11 keylogger, is preinstalled in the Security edition and it has EXECUTABLE PERMISSION AND ANY USER ON THE SYSTEM CAN EXECUTE IT. That means if you are attacked by any attacker that has a daemon user, they can execute it and get your user’s password. And I have to mention again, Parrot uses sudo, so if they can capture your sudo, yep, the whole system is fucked. I don’t know why they package the binary like that. I fixed the permission to 700 and moved the binary to /usr/share/ instead of /usr/bin/ so it can no longer be executed by any user. The same story goes for other packages that are used on the target’s machine only.

Thank you for the details, I understand better now. I have another question: my hard drive starts up repeatedly. It happens on all versions of Parrot, even the old ones, and happens on Kali Linux also, but it does not happen on Debian 10 and 11, Linux Mint, LMDE4, Ubuntu.
I have changed the format of my partitions to ext4 but the problem is still there. I have also removed the indexing service locate or mlocate; I don’t remember what else, but it’s still the same. The only problem I know of on my system is linked to my graphics card, which is badly recognized, but I see small bugs when I scroll the page in Firefox, or it happens when I open windows, and the startup of the hard disk also happens at times when I open windows, with an opening time that I think is too slow and that displays the outline of the window before the content, but not all the time. That’s why I think maybe the startup is linked to my graphics card, or not?

I don’t understand it.
It could be incompatible system services that were preinstalled. Idk. Can’t say anything until error logs are shown.

I can’t say anything, but it could be. Graphics card vendors don’t support Linux drivers so well. And the Linux kernel sometimes changes the API so much that it is a little unstable on any rolling distro.

OK, I see. Maybe the configuration of GRUB?
What feedback would help you to understand better?

Idk. You should check /var/log/ and see if anything could help.

Hi Dmknght,

Regarding this vulnerability, as mentioned, Parrot Sec has the package Xspy preinstalled, which could potentially be a security risk, and like you mentioned, “Parrot uses sudo so if they can capture your sudo, yep the whole system is fucked.”

So if we use Parrot Home, are we on the safer side, and will sudo also be less of a risk? And do you have any tips on how to improve the security aspect of this?

Thanks Dmknght :sunglasses:

I have no answer for this. There are some tricks/methods that can improve security, but it depends on many things. You can’t say that because you are secure by this, other users are secure by this too. Security is an illusion. I’d recommend you read MITRE ATT&CK and create your own security configurations.